On 05/27/2014 02:41 PM, Jesse Glick wrote:
On Tue, May 27, 2014 at 5:11 PM, Kohsuke Kawaguchi
<[email protected]> wrote:
I think we do need to define manifest entries for excerpt and labels, which
isn't even possible today.
As I have mentioned, the excerpt is generally identical or at least
similar to the POM description or /index.jelly, so why not use those
instead? (You need an index.jelly anyway.)
Yeah, that could work. <description> in POM is plain text, so I suppose
it's bit less expressive than what's allowed.
index.jelly is Jelly, but I guess we can assume they are HTML.
For HTMLs, we need to run them through OWASP sanitizer to prevent XSS
attacks. That was one of the original motivations of using Wiki, that
HTML is guaranteed to be clean.
the motivation for scraping the Wiki was to "crowd-source" the categorizations
of plugins
This does not make much sense to me. The plugin author is well placed
to decide on a category, just as they would decide on a proper display
name and so on. If the “crowd” wants to adjust that, well then we have
pull requests.
The point is that the categorization comes after the plugin comes into
being.
And I thought categorization is such a light-weight task that it should
be easy to label them. Creating pull request across dozens of plugins
feels too heavy weight.
it's not practical at this late
in game when we have 800+ plugins that do not have such metadata to begin
with.
I think it is practical. As a one-time batch task we scrape up
existing tags and record those in the UC generation tool as historical
fallback values; and edit the POMs of @jenkinsci plugins to define the
current labels (just like Nicolas did a batch update of repo
definitions a couple years back). Subsequent plugin releases would use
the value defined in the POM.
My feeling is that the time would be better spent on moving Confluence
or JIRA into another server like we've been planning, so that it can
tolerate the "DoS attack" of mere 1 request/sec.
I'm all for allowing pluin authors to definitely describe excerpt,
labels, and so on. But I also don't really see why we have to bend over
backward to avoid hitting Confluence.
--
Kohsuke Kawaguchi | CloudBees, Inc. | http://cloudbees.com/
Try Jenkins Enterprise, our professional version of Jenkins
--
You received this message because you are subscribed to the Google Groups "Jenkins
Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
